Re: [PATCH 1/2] audit: fix NUL handling in untrusted strings

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Andrew Morton

Subject: Re: [PATCH 1/2] audit: fix NUL handling in untrusted strings

Date: Thursday, September 11, 2008 - 12:14 pm

On Thu, 11 Sep 2008 00:23:38 +0200
Miloslav Trma__ <mitr@redhat.com> wrote:

quoted text> audit_string_contains_control() stops checking at the first NUL byte.
> If audit_string_contains_control() returns FALSE,
> audit_log_n_untrustedstring() submits the complete string - including
> the NUL byte and all following bytes, up to the specified maximum length
> - to audit_log_n_string(), which copies the data unchanged into the
> audit record.
> 
> The audit record can thus contain a NUL byte (and some unchecked data
> after that).  Because the user-space audit daemon treats audit records
> as NUL-terminated strings, an untrusted string that is shorter than the
> specified maximum length effectively terminates the audit record.
> 
> This patch modifies audit_log_n_untrustedstring() to only log the data
> before the first NUL byte, if any.

It's unclear how serious this problem is.  Do you believe that it is
sufficiently serious to warrant merging these fixes into 2.6.27? 
2.6.26.x?  2.6.25.x?

Thanks.
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH 1/2] audit: fix NUL handling in untrusted strings, Miloslav , (Wed Sep 10, 3:23 pm)

Re: [PATCH 1/2] audit: fix NUL handling in untrusted strings, Eric Paris, (Thu Sep 11, 7:25 am)

Re: [PATCH 1/2] audit: fix NUL handling in untrusted strings, Miloslav , (Thu Sep 11, 7:43 am)

Re: [PATCH 1/2] audit: fix NUL handling in untrusted strings, Andrew Morton, (Thu Sep 11, 12:14 pm)

Re: [PATCH 1/2] audit: fix NUL handling in untrusted strings, Miloslav , (Thu Sep 11, 12:37 pm)

Navigation

Popular discussions


linux-kernel:
Christoph Lameter	[PATCH 1/2] Make page->private usable in compound pages V1
Luben Tuikov	Re: Integration of SCST in the mainstream Linux kernel
Alexey Dobriyan	Re: [2.6.22.2 review 09/84] Fix rfkill IRQ flags.
Michal Nazarewicz	Re: [PATCH] USB: Gadget: g_multi: added INF file for gadget with multiple configur...
Jesse Barnes	Re: PCI probing changes
git:
Jakub Narebski	Re: GSoC 2008 - Mentors Wanted!
Jan Harkes	Re: git-svn and huge data and modifying the git-svn-HEAD branch directly
Andy Parkins	git-fetch fails with error code 128
Marcus Griep	Re: [PATCH 1/3] Git.pm: Add faculties to allow temp files to be cached
Junio C Hamano	Re: [JGIT PATCH 2/2] Decrease the fetch pack client buffer to the lower minimum
git-commits-head:
Linux Kernel Mailing List	ARM: 5970/1: nomadik-gpio: fix spinlock usage
Linux Kernel Mailing List	sh-sci: update receive error handling for muxed irqs
Linux Kernel Mailing List	No need to do lock_super() for exclusion in generic_shutdown_super()
Linux Kernel Mailing List	x86, msr: Export the register-setting MSR functions via /dev/*/msr
Linux Kernel Mailing List	Input: gpio-keys - add support for disabling gpios through sysfs
linux-netdev:
Eric Dumazet	[PATCH] net: ALIGN/PTR_ALIGN cleanup in alloc_netdev_mq()/netdev_priv()
Patrick McHardy	[NET_SCHED]: sch_ingress: remove netfilter support
Rose, Gregory V	RE: __bad_udelay in network driver breaks build
Patrick McHardy	Re: no reassembly for outgoing packets on RAW socket
Frans Pop	svc: failed to register lockdv1 RPC service (errno 97).
openbsd-misc:
ropers	Re: Real men don't attack straw men
elitdostlar	Seks partneri arayan bayanlar bu adreste - 8878xs706x6438
Marcus Andree	Re: This is what Linus Torvalds calls openBSD crowd
Lars D. Noodén	Re: sshd.config and AllowUsers
Henning Brauer	Re: Sun Blade 1000?

Colocation donated by:

Syndicate